terraform-module-aws-rds

Terraform module that helps you create a RDS instance.

This module can create :

• 1 RDS cluster with n RDS cluster endpoint OR 1 RDS db instance (dynamiclly choosen depending the engine)
• 1 option group (if not RDS cluster)
• 1 parameter group / cluster parameter group (dynamiclly choosen depending the engine)
• 1 subnet group
• 1 KMS key
• 1 security group that allow security groups and/or cidr range to access to the database
• Export RDS endpoint, RDS reader endpoint, RDS port, master username, master password, database name and character set name on SSM parameters. Master username and master password are stored as SecureString, encrypted by a KMS key.

Limitations:

• This module doesn't support RDS global cluster creation. There is an issue with deletion :

  error deleting RDS Cluster (nsu6suhxtftest-00001): InvalidDBClusterStateFault: This cluster is a part of a global cluster, please remove it from globalcluster first
  

• No KMS key created internally for performance insights. Must be given externally.
• You can't specify the availability zone for RDS cluster because API has an issue: https://github.com/terraform-providers/terraform-provider-aws/issues/1111

Requirements

Name	Version
terraform	>= 0.12
aws	>= 2.57, < 4.0

Providers

Name	Version
aws	>= 2.57, < 4.0
random	n/a

Inputs

Name	Description	Type	Default	Required
additionnal_security_group	Additionnal security group to add to db.	list(string)	[]	no
allowed_cidrs	List of CIDR's that will be allowed to talk to the database. These should be CIDR's of the “clients” accessing the RDS.	list(string)	[]	no
allowed_security_group_ids	List of security group ID's that will be allowed to talk to the database. These should be the security groups of the “clients” accessing the RDS.	list(string)	[]	no
allowed_security_group_ids_count	Number of security group ID's that are set in the allowed_security_group_ids variable.	number	0	no
apply_immediately	Specifies whether any database modifications are applied immediately, or during the next maintenance window	bool	false	no
auto_minor_version_upgrade	Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window.	bool	true	no
backtrack_window	The target backtrack window, in seconds. Only available for aurora engine currently. To disable backtracking, set this value to 0	number	0	no
backup_retention_period	The number of days to retain backups for. Default 1	number	1	no
ca_cert_identifier	he daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter.Time in UTC	string	null	no
cloudwatch_logs_exports	List of log types to export to cloudwatch.	list(string)	[]	no
copy_tags_to_snapshot	Copy all Cluster tags to snapshots. Default is false.	bool	false	no
create_ssm_parameters	Create SMM parameters related to database informations	bool	false	no
database_identifier	The database identifier	string	""	no
database_name	Name for an automatically created database on cluster creation.	string	null	no
db_instance_allocated_storage	The allocated storage in gibibytes.	number	null	no
db_instance_allow_major_version_upgrade	Indicates that major version upgrades are allowed.	bool	false	no
db_instance_availability_zone	Availability zone for the instance.	string	null	no
db_instance_character_set_name	The character set name to use for DB encoding in Oracle instances.	string	null	no
db_instance_delete_automated_backups	Specifies whether to remove automated backups immediately after the DB instance is deleted.	bool	true	no
db_instance_domain	The ID of the Directory Service Active Directory domain to create the instance in.	string	null	no
db_instance_domain_iam_role_name	The name of the IAM role to be used when making API calls to the Directory Service.	string	null	no
db_instance_global_tags	Tags to be merge to all db instances	map(string)	{}	no
db_instance_instance_class	Instance classes to use.	string	null	no
db_instance_iops	The amount of provisioned IOPS. Setting this implies a storage_type of “io1”.	number	null	no
db_instance_license_model	License model information for this DB instance.	string	null	no
db_instance_max_allocated_storage	When configured, the upper limit to which Amazon RDS can automatically scale the storage of the DB instance.	number	null	no
db_instance_multi_az	Specifies if the RDS instance is multi-AZ	bool	false	no
db_instance_performance_insights_retention_period	The amount of time in days to retain Performance Insights data	number	null	no
db_instance_promotion_tiers	List of number for failover Priority setting on instance level. This will be use for the master election, and, load balancing into the cluster.	list(number)	null	no
db_instance_replicate_source_db	Specifies that this resource is a Replicate database, and to use this value as the source database.	string	null	no
db_instance_storage_type	One of “standard” (magnetic), “gp2” (general purpose SSD), or “io1” (provisioned IOPS SSD).	string	null	no
db_instance_tags	List of Tags to be merge to each db instances	list(map(string))	[]	no
db_instance_timezone	Time zone of the DB instance. timezone is currently only supported by Microsoft SQL Server.	string	null	no
db_subnet_group_name	The name of the DB subnet group.	string	null	no
db_subnet_group_subnet_ids	A list of VPC subnet IDs.	list(string)	[]	no
db_subnet_group_tags	Map of tags to be nerge with db subnet group	map(string)	{}	no
deletion_protection	If the DB instance should have deletion protection enabled.	bool	false	no
description	Description to be added on security_group, rds_parameter_group, kms_key and db_subnet_group.	string	null	no
enable	Whether or not to enable this module.	bool	true	no
enable_s3_import	Enable S3 import	bool	false	no
engine	The name of the database engine to be used for this DB	string	null	no
engine_mode	The database engine mode.	string	null	no
engine_version	The database engine version.	string	null	no
final_snapshot_identifier_prefix	The prefix name of your final DB snapshot when this DB cluster is deleted. This will be suffixed by a 5 digits random id managed by terraform.	string	null	no
iam_database_authentication_enabled	Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled.	bool	false	no
kms_key_alias_name	Alias of the KMS key	string	null	no
kms_key_create	Create a kms key for database	bool	false	no
kms_key_create_alias	Create a kms key alias for database	bool	false	no
kms_key_id	ID of KMS key used for database encryption.	string	null	no
kms_key_name	Name of the KMS if kms_key_create is set to true.	string	null	no
kms_key_policy_json	Policy of the KMS Key	string	null	no
kms_key_tags	Tags to be merged with all KMS key resources	map(string)	{}	no
manage_client_security_group_rules	Whether or not to manage the security group rules for the client security group ids (allowed_security_group_ids).	bool	true	no
master_password	Password for the master DB user.	string	null	no
master_username	Username for the master DB user.	string	null	no
monitoring_interval	The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance.	number	null	no
monitoring_role_arn	The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to CloudWatch Logs.	string	null	no
num_suffix_digits	Number of significant digits to append to instances name.	number	2	no
option_group_engine_name	Specifies the name of the engine that this option group should be associated with.	string	null	no
option_group_major_engine_version	Specifies the major version of the engine that this option group should be associated with.	string	null	no
option_group_name	The name of the option group.	string	null	no
option_group_options	A list of map of Options to apply. Map must support the following structure: * option_name (required, string): The Name of the Option (e.g. MEMCACHED). * port (optional, number): The Port number when connecting to the Option (e.g. 11211). * version (optional, string): The version of the option (e.g. 13.1.0.0). * db_security_group_memberships (optional, string): A list of DB Security Groups for which the option is enabled. * vpc_security_group_memberships (optional, string): A list of VPC Security Groups for which the option is enabled. * option_settings (required, list of map): A list of map of option settings to apply: * name (required, string): The Name of the setting. * value (required, string): The Value of the setting. For example, see folder examples/db_instance_with_option_group.	any	[]	no
option_group_tags	Tags to be merge with the DB option group resource.	map(string)	{}	no
parameter_group_family	The family of the DB parameter group	string	null	no
parameter_group_name	The name of the DB parameter group.	string	null	no
parameter_group_parameters	List of map of parameter to add. apply_method can be immediate or pending-reboot.	list(object({ name = string value = string apply_method = string }))	[]	no
parameter_group_tags	Tags to be added with parameter group	map(string)	{}	no
performance_insights_enabled	Specifies whether Performance Insights is enabled or not.	bool	false	no
performance_insights_kms_key_id	The ARN for the KMS key to encrypt Performance Insights data.	string	null	no
port	The database port	number	null	no
preferred_backup_window	The daily time range during which automated backups are created if automated backups are enabled. Time in UTC, e.g. 04:00-09:00	string	null	no
preferred_maintenance_window	The weekly window to perform maintenance in. Time in UTC e.g. wed:04:00-wed:04:30	string	null	no
prefix	Prefix to be added to all resources, except SSM paramter keys. To prefix SSM parameter keys, see ssm_parameters_prefix.	string	""	no
publicly_accessible	Bool to control if instance is publicly accessible.	bool	false	no
rds_cluster_enable_http_endpoint	Enable HTTP endpoint (data API). Only valid when engine_mode is set to serverless.	bool	false	no
rds_cluster_enable_s3_import	Enable S3 import on RDS database creation	bool	false	no
rds_cluster_enable_scaling_configuration	Enable scalling configuration. Only valid when engine_mode is set to serverless.	bool	false	no
rds_cluster_global_cluster_identifier	The global cluster identifier.	string	null	no
rds_cluster_iam_roles	A List of ARNs for the IAM roles to associate to the RDS Cluster.	list(string)	[]	no
rds_cluster_identifier	The global cluster identifier.	string	""	no
rds_cluster_replication_source_identifier	ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica.	string	null	no
rds_cluster_scaling_configuration_auto_pause	Whether to enable automatic pause. A DB cluster can be paused only when it's idle (it has no connections).	string	null	no
rds_cluster_scaling_configuration_max_capacity	The maximum capacity.	number	null	no
rds_cluster_scaling_configuration_min_capacity	The minimum capacity.	number	null	no
rds_cluster_scaling_configuration_seconds_until_auto_pause	The time, in seconds, before an Aurora DB cluster in serverless mode is paused.	number	null	no
rds_cluster_scaling_configuration_timeout_action	The action to take when the timeout is reached.	string	null	no
rds_cluster_source_region	The source region for an encrypted replica DB.	string	null	no
rds_cluster_tags	Tags to be merged to RDS cluster	map(string)	{}	no
rds_instance_availability_zones	List of the EC2 Availability Zone that each DB instance are created in.	list(string)	[]	no
rds_instance_instance_classes	List of instance classes to use.	list(string)	[]	no
rds_instance_promotion_tiers	List of number for failover Priority setting on instance level	list(number)	null	no
s3_import_bucket_name	The bucket name where your backup is stored.	string	null	no
s3_import_bucket_prefix	Can be blank, but is the path to your backup	string	null	no
s3_import_ingestion_role	Role applied to load the data.	string	null	no
s3_import_source_engine	Source engine for the backup	string	null	no
s3_import_source_engine_version	Version of source engine for the backup	string	null	no
security_group_name	Name of the security group	string	""	no
security_group_tags	Tags to be merged to the security group	map(string)	{}	no
security_group_vpc_id	ID of the VPC	string	null	no
skip_final_snapshot	Determines whether a final DB snapshot is created before the DB cluster is deleted.	bool	true	no
snapshot_identifier	The name of your final DB snapshot when this DB cluster is deleted.	string	null	no
ssm_parameters_character_set_name_description	Description of the character set name SSM parameter.	string	"Character set name of the database"	no
ssm_parameters_character_set_name_key_name	Name of the character set name SSM parameter key.	string	"characterSetName"	no
ssm_parameters_database_name_description	Description of the database name SSM parameter.	string	"Database name created by AWS"	no
ssm_parameters_database_name_key_name	Name of the database name SSM parameter key.	string	"databaseName"	no
ssm_parameters_endpoint_description	Description of the endpoint SSM parameter.	string	"DNS address of the database"	no
ssm_parameters_endpoint_key_name	Name of the endpoint SSM parameter key.	string	"endpoint"	no
ssm_parameters_endpoint_reader_description	Description of the endpoint reader SSM parameter.	string	"DNS address of the read only RDS cluser"	no
ssm_parameters_endpoint_reader_key_name	Name of the endpoint reader SSM parameter key.	string	"endpointReader"	no
ssm_parameters_export_character_set_name	Export the character set namein a SSM parameter. If no character set name are provisioned, SSM parameter value will be «N/A»	bool	true	no
ssm_parameters_export_database_name	Export the database name in a SSM parameter. If no database name are provisioned, SSM parameter value will be «N/A»	bool	true	no
ssm_parameters_export_endpoint	Export the endpoint name in a SSM parameter.	bool	true	no
ssm_parameters_export_endpoint_reader	Export the endpoint reader name in a SSM parameter. If provisioned engine isn't aurora, SSM parameter value will be «N/A»	bool	true	no
ssm_parameters_export_master_password	Export the master password in a secure SSM parameter.	bool	true	no
ssm_parameters_export_master_username	Export the master username in a secure SSM parameter.	bool	true	no
ssm_parameters_export_port	Export the database port in a SSM parameter.	bool	true	no
ssm_parameters_iam_policy_create	Create iam policy for SSM parameters and KMS key access.	bool	false	no
ssm_parameters_iam_policy_name_prefix_read_only	Name of the SSM parameters IAM read only policy.	string	""	no
ssm_parameters_iam_policy_name_prefix_read_write	Name of the SSM parameters IAM read write policy.	string	""	no
ssm_parameters_iam_policy_path	Path of the SSM parameters IAM policies.	string	null	no
ssm_parameters_kms_key_alias_name	Name of the alias KMS key.	string	""	no
ssm_parameters_kms_key_create	Create KMS key for SSM parameters.	bool	false	no
ssm_parameters_kms_key_id	ID of the kms key if toggle ssm_parameters_kms_key_create, ssm_parameters_use_database_kms_key or ssm_parameters_use_default_kms_key are disable.	bool	false	no
ssm_parameters_kms_key_name	Name of the KMS key.	string	""	no
ssm_parameters_kms_key_tags	Tags to be merge with all SSM parameters KMS key resources.	map(string)	{}	no
ssm_parameters_master_password_description	Description of the master passsword SSM parameter.	string	"Master password of the database"	no
ssm_parameters_master_password_key_name	Name of the master passsword SSM parameter key.	string	"masterPassword"	no
ssm_parameters_master_username_description	Description of the master username SSM parameter.	string	"Master username of the database"	no
ssm_parameters_master_username_key_name	Name of the master username SSM parameter key.	string	"masterUsername"	no
ssm_parameters_port_description	Description of the database port SSM parameter.	string	"Port of the database"	no
ssm_parameters_port_key_name	Name of the database port SSM parameter key.	string	"databasePort"	no
ssm_parameters_prefix	Prefix to be add on all SSM parameter keys. Cannot started by «/».	string	""	no
ssm_parameters_tags	Tags to be merge with all SSM parameters resources.	map(string)	{}	no
ssm_parameters_use_database_kms_key	Use the same KMS key as for the database	bool	false	no
ssm_parameters_use_default_kms_key	Use default AWS KMS key	bool	false	no
tags	Tags to be merged with all resources of this module.	map(string)	{}	no
use_default_kms_key	Use the default KMS key to encrypt DBs.	bool	true	no
use_num_suffix	Always append numerical suffix to all resources.	bool	true	no

Outputs

Name	Description
availability_zones	n/a
backup_retention_period	n/a
database_name	n/a
db_instance_allocated_storage	n/a
db_instance_character_set_name	n/a
db_instance_domain	n/a
db_instance_domain_iam_role_name	n/a
db_instance_multi_az	n/a
db_subnet_group_arn	n/a
db_subnet_group_id	n/a
endpoint	n/a
engine	n/a
engine_version	n/a
hosted_zone_id	n/a
instance_arns	n/a
instance_ids	n/a
kms_key_alias_arn	n/a
kms_key_alias_target_key_arn	n/a
kms_key_arn	n/a
kms_key_id	n/a
maintenance_window	n/a
master_username	n/a
option_group_arn	n/a
option_group_id	n/a
parameter_group_arn	n/a
parameter_group_id	n/a
port	n/a
preferred_backup_window	n/a
rds_cluster_arn	n/a
rds_cluster_availability_zones	n/a
rds_cluster_cluster_identifier	n/a
rds_cluster_cluster_members	n/a
rds_cluster_id	n/a
rds_cluster_instance_cluster_identifiers	n/a
rds_cluster_instance_dbi_resource_ids	n/a
rds_cluster_instance_endpoints	n/a
rds_cluster_instance_engine_versions	n/a
rds_cluster_instance_engines	n/a
rds_cluster_instance_identifiers	n/a
rds_cluster_instance_kms_key_ids	n/a
rds_cluster_instance_performance_insights_enableds	n/a
rds_cluster_instance_performance_insights_kms_key_ids	n/a
rds_cluster_instance_ports	n/a
rds_cluster_instance_storage_encrypteds	n/a
rds_cluster_instance_writers	n/a
rds_cluster_reader_endpoint	n/a
rds_cluster_replication_source_identifier	n/a
rds_cluster_storage_encrypted	n/a
resource_id	n/a
security_group_arn	n/a
security_group_description	n/a
security_group_egress	n/a
security_group_id	n/a
security_group_ingress	n/a
security_group_name	n/a
security_group_owner_id	n/a
security_group_vpc_id	n/a
ssm_parameters_arns	n/a
ssm_parameters_iam_policy_read_only_arn	n/a
ssm_parameters_iam_policy_read_only_description	n/a
ssm_parameters_iam_policy_read_only_id	n/a
ssm_parameters_iam_policy_read_only_name	n/a
ssm_parameters_iam_policy_read_only_path	n/a
ssm_parameters_iam_policy_read_only_policy	n/a
ssm_parameters_iam_policy_read_write_arn	n/a
ssm_parameters_iam_policy_read_write_description	n/a
ssm_parameters_iam_policy_read_write_id	n/a
ssm_parameters_iam_policy_read_write_name	n/a
ssm_parameters_iam_policy_read_write_path	n/a
ssm_parameters_iam_policy_read_write_policy	n/a
ssm_parameters_kms_alias_arn	n/a
ssm_parameters_kms_alias_target_key_arn	n/a
ssm_parameters_kms_key_arn	n/a
ssm_parameters_kms_key_id	n/a
ssm_parameters_names	n/a
ssm_parameters_types	n/a
ssm_parameters_versions	n/a